How to use a different guard when logging in from web or API in Laravel?
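I'm creating a Laravel (5.7) application for a mobile app. So I have an API and a web panel; both require login and each has its own model. For the web login I use the User model (because these are the operational roles), and another model, Client, is used for the users who register through the app.
I'm using JWT to create the authentication tokens for the mobile app and the regular login for the web panel.
The complication is that the default auth.php guard is web, and if I use the (following) authenticate method from the API it looks at the users table, not the clients table, and when I change the default guard to api, the web login then tries to look in the clients table.
So, in short, I've tried switching this default guard in many different ways, but it just doesn't work. Some of the (failed) tests I've done are:
- Changing the $guard variable in the login controller to web and setting api as the default in auth.php
- Using Config::set('auth.defaults.guard' , 'api'); or config('auth.defaults.guard' , 'api'); (and all its variants) in my API's authenticate method to overwrite the default auth.php guard at execution
This is my auth.php file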
<?php
return [
    /*
    |--------------------------------------------------------------------------
    | Authentication Defaults
    |--------------------------------------------------------------------------
    |
    | This option controls the default authentication "guard" and password
    | reset options for your application. You may change these defaults
    | as required, but they're a perfect start for most applications.
    |
    */
    'defaults' => [
        'guard' => 'web',
        'passwords' => 'users',
    ],
    /*
    |--------------------------------------------------------------------------
    | Authentication Guards
    |--------------------------------------------------------------------------
    |
    | Next, you may define every authentication guard for your application.
    | Of course, a great default configuration has been defined for you
    | here which uses session storage and the Eloquent user provider.
    |
    | All authentication drivers have a user provider. This defines how the
    | users are actually retrieved out of your database or other storage
    | mechanisms used by this application to persist your user's data.
    |
    | Supported: "session", "token"
    |
    */
    'guards' => [
        'web' => [
            'driver' => 'session',
            'provider' => 'users',
        ],
        'api' => [
            'driver' => 'session',
            'provider' => 'clients'
        ],
    ],
    /*
    |--------------------------------------------------------------------------
    | User Providers
    |--------------------------------------------------------------------------
    |
    | All authentication drivers have a user provider. This defines how the
    | users are actually retrieved out of your database or other storage
    | mechanisms used by this application to persist your user's data.
    |
    | If you have multiple user tables or models you may configure multiple
    | sources which represent each model / table. These sources may then
    | be assigned to any extra authentication guards you have defined.
    |
    | Supported: "database", "eloquent"
    |
    */
    'providers' => [
        'users' => [
            'driver' => 'eloquent',
            'model' => App\User::class,
        ],
        'clients' => [
            'driver' => 'eloquent',
            'model' => App\Client::class,
        ],
    ],
    /*
    |--------------------------------------------------------------------------
    | Resetting Passwords
    |--------------------------------------------------------------------------
    |
    | You may specify multiple password reset configurations if you have more
    | than one user table or model in the application and you want to have
    | separate password reset settings based on the specific user types.
    |
    | The expire time is the number of minutes that the reset token should be
    | considered valid. This security feature keeps tokens short-lived so
    | they have less time to be guessed. You may change this as needed.
    |
    */
    'passwords' => [
        'users' => [
            'provider' => 'users',
            'table' => 'password_resets',
            'expire' => 60,
        ],
    ],
];
The authenticate method in my ApiClientController.php
public function authenticate(Request $request)
{
    // config('auth.defaults.guard' , 'api'); // NOT WORKING!!
    // Config::set('auth.guards.web.provider', 'clients'); // NOT WORKING!!
    // Config::set('auth.providers.users.model', Client::class); // NOT WORKING!!
    // config('auth.providers.users.model', Client::class); // NOT WORKING!!
    $credentials = $request->only('phone', 'password');
    try {
        if (! $token = JWTAuth::attempt($credentials)) {
            return response()->json(['error' => 'invalid_credentials'], 400);
        }
    } catch (JWTException $e) {
        return response()->json(['error' => 'could_not_create_token'], 500);
    }
    Log::info("JWT Token: $token");
    return response()->json(compact('token'));
}
Also, this is my Client model
<?php
namespace App;

use Tymon\JWTAuth\Contracts\JWTSubject;
use Illuminate\Foundation\Auth\User as Authenticatable;

class Client extends Authenticatable implements JWTSubject
{
    protected $hidden = [
        'password', 'phone_verification_code', 'phone_verified_at'
    ];

    public function getJWTIdentifier()
    {
        return $this->getKey();
    }

    public function getJWTCustomClaims()
    {
        return [];
    }
}
The $request instance has a user method that takes one argument:
$request->user('apiguard');
If you are attempting authentication:
Auth::guard('apiguard')->attempt($credentials);
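The answer's two calls applied to the guard name from the question's auth.php, as an added example that is not part of the original question or answer. It assumes the api guard is switched to the jwt driver that tymon/jwt-auth 1.x registers (with the session driver shown in the question, attempt() returns a boolean, not a token), and the me() method and its route are hypothetical.

```php
<?php
// Added example, not the asker's or the answerer's code.
// Assumed change in config/auth.php (the 'web' guard stays the default):
//   'api' => ['driver' => 'jwt', 'provider' => 'clients'],

namespace App\Http\Controllers;

use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;

class ApiClientController extends Controller
{
    public function authenticate(Request $request)
    {
        // Reject malformed input before it reaches the user provider.
        $credentials = $request->validate([
            'phone'    => 'required|string',
            'password' => 'required|string',
        ]);

        // Naming the guard selects the 'clients' provider for this call only;
        // auth.defaults.guard is untouched, so the web panel keeps using 'users'.
        $token = Auth::guard('api')->attempt($credentials);

        if (! $token) {
            return response()->json(['error' => 'invalid_credentials'], 401);
        }

        // The token is deliberately not written to the log: a bearer token in a
        // log file can be replayed by anyone who can read that file.
        return response()->json(['token' => $token]);
    }

    // Hypothetical protected endpoint. Assumed route in routes/api.php:
    //   Route::middleware('auth:api')->get('/me', 'ApiClientController@me');
    public function me(Request $request)
    {
        // Resolves the Client behind the presented JWT, never a web-panel User.
        return response()->json($request->user('api'));
    }
}
```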